Do not apply logic to any federal banking regulation. This is a line I often use when teaching new compliance officers the basics of the regulations. The no logic rule is especially true when two or more regulations are regulating the same general areas. Indeed, one need only attempt to define the term “application” for the various real estate lending regulations to know that logic is not a goal of the regulators.
That is not to say that regulators intentionally confuse us. The public policy interests of each regulation stand alone. For example, when Regulation B was drafted, the term application was defined to assist regulators in ensuring that non-discrimination in lending occurred. When Regulation Z was drafted, the intent was to provide for consistent disclosures. With different public policy goals, the author of each regulation, the Federal Reserve Board, had different goals to accomplish. As a result, a term like application can have different meanings.
Similarly, because of the public policy interests, whole regulations can seemingly be in opposition. Indeed, that is what many bankers are saying has occurred when they attempt to comply with privacy and fairness laws at the same time they attempt to comply with anti-money laundering rules. This regulatory crossroad can be difficult. However, a strong compliance program can result in full compliance despite the apparent contradictions. In fact, a strong compliance program must comply with all regulations and not allow a collision at these crossroads. To support this, I will first look at these regulations and than present some rules for your program.
Fairness and Be Suspicious Regulations
On the side of thou shall treat everyone equal, are the fairness laws. The public policy behind the fairness laws is to ensure that everyone in our society is treated fairly, without illegal discrimination and to ensure that banks promote economic prosperity for all geographies. For sake of this article, I have lumped the privacy laws as a fairness law.
Equal Treatment Laws - Regulation B and the Fair Housing Act prohibit an institution from disparately treating a loan applicant on the 11 prohibited bases, including race and national origin. In addition, these regulations prohibit any practices that have the effect of discrimination. Some important distinctions for this article are that Regulation B only covers credit transaction.
Community Reinvestment Act – CRA requires banks to meet the needs of their communities, especially low- and moderate-income areas.
Privacy Laws – Gramm-Leach-Bliley Act and other privacy provisions in state and federal laws seek to inform consumers fairly as to when the bank will share information outside the bank. The public policy of privacy laws is to ensure consumer knowledge and to provide a means in certain circumstances to prevent disclosure.
On the side of deputizing the bank as an arm of law enforcement, are the be suspicious of your customer laws. The public policy behind the be suspicious laws is based on the fact that bad guys need banks to operate their bad activities. As a result, banks need to help ensure the bad guys are stopped. The laws are as follows:
Anti-money laundering (AML) – For banks, this is the Bank Secrecy Act (BSA). BSA requires the bank to report certain cash transactions and monitor accounts for suspicious transactions.
OFAC – The Office of Foreign Asset Control requires that an institution not engage in financial transactions with certain bad people and companies, such as terrorists and drug dealers. Anyone who reads this list will find significant numbers of ethnic names, including many Middle Eastern and Hispanic individuals.
Section 326 of USA PATRIOT Act, CIP – The CIP requirements became effective on Oct. 1, 2003. The procedures, referred to in the ICBA comment letter noted above, place new requirements on financial institutions to identify the customer.
Collision at the Intersection
The fairness laws and the be suspicious laws are often on a collision course. Bankers often cite scenarios like the following:
• A banker in a small town with a homogenous white population has two new account customers. One is an individual of Middle Eastern dissent, the other a white male. Instinct tells the new accounts employee to be suspicious of the one account and not the other. Is this correct?
• A commercial relationship officer in a large urban center has two long-time commercial customers wishing to wire money overseas. The first customer of Pakistani descent is wiring $12,000 to Jordan. The second customer, a white female, wires $14,000 to New Zealand. Should he more closely scrutinize the account wiring funds to Jordan?
• The new accounts procedure at the bank requires two forms of identification. However, many seasonal migrant farm workers in the community have limited identification and often in forms unfamiliar to the bank. Should the bank modify its procedures for these immigrants?
These examples are exactly what is frustrating the bankers today. Frustrating because no one can provide a definitive answer on these situations. Pose anyone of these examples to a regulatory panel and you will receive an answer essentially equivalent to a shrug of the shoulders. However, the regulators will never suggest that you should chose compliance of one law or regulation over the other. They will emphatically state that you must comply with both the fairness laws and the be suspicious laws and that one does not supercede the other.
Circumstantial, Not Transactional Compliance
In fact, I believe that the shrug of the shoulders by the regulators is precisely correct. These issues are far more complex than can be defined by simple examples. Each question begs a series of additional questions that cannot be listed in this article or even a book. The fact is, compliance with the “be suspicious” and the “fairness” laws is not transactional, but rather circumstantial.
This is difficult, as compliance officers love transactional compliance. Transactional compliance usually is a yes or no answer:
• Does the bank provide the required disclosure timely?
• Is the APR accurate within tolerance?
However, circumstantial compliance is not nearly as easy to review, interpret and comply with. The answers are seldom absolutes:
• Do the transactions constitute suspicious activity given the following scenario?
• Did the loan officer treat the minority applicant consistent with majority applicants?
Build Your Routines
Given this fact, how does a bank compliance officer develop a compliance program for the multitude of circumstances that can present themselves? The answer is simple: ROUTINES. I use the word routines; Regulators use the terms policies and procedures. Banks must have strong policies and procedures that support the line when these scenarios arise.
For example, the “fairness” laws require policies on equal treatment and procedures to ensure consistent delivery of products and services without regard to a protected class. The “be suspicious” policies and procedures provide the bank with a consistent methodology to determine whether an account is suspicious.
However, the routines cannot stand alone. If a policy or process that is developed for one law has a violation for another area, a violation has occurred. The bank must build policies that ensure collisions do not occur. You do this by crafting policies in such a way that the bank has a clear methodology that can be defended when they are questioned about the circumstances.
While the answer is simple, the implementation is not. This will take work at the individual bank level. There is not an off-the-shelf solution. Here are the steps you need to take:
1. Read and understand your current policies and procedures individually for each of the “fairness” and “be suspicious” issues. Clear procedures should define accountability, establish flow, and anticipate exceptions.
2. Identify potential collision points in the process.
3. Draft the policy to ensure that the collision point is neutral to the regulation.
4. Train to ensure a full understanding of the policies and the required processes and than discuss circumstances that illustrate potential collisions.
5. Monitor to ensure consistent application.
A disciplined process will result in the bank having policies that ensure compliance with the myriad of circumstances that result. The real value of this process will arrive during a regulatory examination. Examiners often present a set of facts to a bank based on a transaction or event that they uncovered during the course of the exam. Invariably, memories of the employees will have failed; however, the compliance officer will be able to support the bank’s process by pointing to the routines the bank employs to ensure compliance. Routines that ultimately ensure the circumstances are in compliance.
Matt Schriner is managing director of risk management for Alex Sheshunoff Management, a leading bank consulting firm. Mr. Schriner manages the firm’s risk management practice and is a frequent speaker and writer on risk management topics. To learn more about Alex Sheshunoff Management Services, please contact us at (800) 477-1772 ext. 695.